
Creating a simple NAT and DMZ firewall using bash script

Last updated Oct 4, 2021

In this article, we will create a simple NAT firewall with DMZ using iptables.

Prerequisites

Besides having a Terminal open, you need to ensure that iptables is installed on your machine and that you can run it as root.

Write script

We will write a script to set up a DMZ using iptables. Create a dmz_iptables.sh script and write the following code in it:

dmz_iptables.sh

#!/bin/bash
# flush any existing rules so that re-running the script does not append duplicates
iptables -F
iptables -t filter -F
iptables -t nat -F

# set the default policy to DROP (with INPUT and OUTPUT dropped, the firewall host
# itself accepts and emits no traffic; only forwarded traffic is handled below)
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

# to configure the system as a router, enable ip forwarding
sysctl -w net.ipv4.ip_forward=1

# allow traffic from internal (eth0) to DMZ (eth2); the DMZ may only answer
iptables -t filter -A FORWARD -i eth0 -o eth2 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A FORWARD -i eth2 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

# allow traffic from internet (ens33) to DMZ (eth2); the DMZ may only answer
iptables -t filter -A FORWARD -i ens33 -o eth2 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A FORWARD -i eth2 -o ens33 -m state --state ESTABLISHED,RELATED -j ACCEPT

# redirect incoming web requests at ens33 (200.0.0.1) of FIREWALL to web server at 192.168.20.2
iptables -t nat -A PREROUTING -p tcp -i ens33 -d 200.0.0.1 --dport 80 -j DNAT --to-destination 192.168.20.2
iptables -t nat -A PREROUTING -p tcp -i ens33 -d 200.0.0.1 --dport 443 -j DNAT --to-destination 192.168.20.2

# redirect incoming mail (SMTP) requests at ens33 (200.0.0.1) of FIREWALL to mail server at 192.168.20.3
iptables -t nat -A PREROUTING -p tcp -i ens33 -d 200.0.0.1 --dport 25 -j DNAT --to-destination 192.168.20.3

# redirect incoming DNS requests at ens33 (200.0.0.1) of FIREWALL to DNS server at 192.168.20.4
iptables -t nat -A PREROUTING -p udp -i ens33 -d 200.0.0.1 --dport 53 -j DNAT --to-destination 192.168.20.4
iptables -t nat -A PREROUTING -p tcp -i ens33 -d 200.0.0.1 --dport 53 -j DNAT --to-destination 192.168.20.4

How it works

In the preceding script, iptables first sets the default policy of the INPUT, OUTPUT and FORWARD chains to DROP and then enables IP forwarding so the machine can route between its interfaces. The FORWARD rules let new connections from the internal network (eth0) and from the internet (ens33) into the DMZ (eth2), while traffic leaving the DMZ is accepted only when it belongs to an ESTABLISHED or RELATED connection, so a DMZ host cannot open connections of its own towards the internal network or the internet. The PREROUTING rules in the nat table then DNAT requests arriving on the public address 200.0.0.1 to the DMZ servers: ports 80 and 443 go to the web server at 192.168.20.2, port 25 to the mail server at 192.168.20.3, and port 53 (UDP and TCP) to the DNS server at 192.168.20.4. Note that the ens33-to-eth2 FORWARD rule accepts any new connection into the DMZ, not only those matched by the DNAT rules, so restricting it to the published hosts and ports is the natural next tightening step.
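As an added example (not the article's script), here is a variant in which every published service gets its own DNAT rule together with a FORWARD accept scoped to that host and port, instead of a blanket accept from ens33 into eth2. The interface names and addresses are the article's; the helper functions and the IPT dry-run switch are my own assumptions.

```shell
#!/bin/bash
# Added example (not the article's script): publish each DMZ service with a
# DNAT rule and a FORWARD rule scoped to that service only. Interface names
# and addresses follow the article; the helper names are assumptions.
set -eu

WAN_IF=ens33          # internet-facing interface
DMZ_IF=eth2           # DMZ interface
PUBLIC_IP=200.0.0.1   # public address of the firewall

# IPT="echo iptables" (the default) prints the rules instead of applying them,
# so the script can be reviewed without root; run with IPT=iptables to apply.
IPT="${IPT:-echo iptables}"

# DNAT one published service and accept forwarded traffic only to that
# destination host and port, so no blanket NEW accept from the internet into
# the DMZ is needed.
publish_service() {
    local proto="$1" port="$2" dest="$3"
    $IPT -t nat -A PREROUTING -p "$proto" -i "$WAN_IF" -d "$PUBLIC_IP" \
        --dport "$port" -j DNAT --to-destination "$dest"
    $IPT -t filter -A FORWARD -p "$proto" -i "$WAN_IF" -o "$DMZ_IF" \
        -d "$dest" --dport "$port" \
        -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
}

# Replies from the DMZ back to the internet: established/related only.
dmz_return_path() {
    $IPT -t filter -A FORWARD -i "$DMZ_IF" -o "$WAN_IF" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# The same published services as the article's script.
build_dmz_rules() {
    publish_service tcp 80  192.168.20.2   # web
    publish_service tcp 443 192.168.20.2   # web over TLS
    publish_service tcp 25  192.168.20.3   # mail (SMTP)
    publish_service udp 53  192.168.20.4   # DNS
    publish_service tcp 53  192.168.20.4   # DNS
    dmz_return_path
}

build_dmz_rules
```

Run it as-is to review the generated rules, then as root with IPT=iptables to apply them.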
